Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18872

18872 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-50313 Siemens Mendix Runtime 竞争条件问题漏洞 — Mendix Runtime V10CWE-362 5.3 Medium2024-11-12
CVE-2024-50310 Siemens SIMATIC CP 1543-1 安全漏洞 — SIMATIC CP 1543-1 V4.0CWE-863 7.5 High2024-11-12
CVE-2024-46891 Siemens SINEC INS 资源管理错误漏洞 — SINEC INSCWE-400 5.3 Medium2024-11-12
CVE-2024-44102 Siemens PP TeleControl Server 代码问题漏洞 — PP TeleControl Server Basic 1000 to 5000 V3.1CWE-502 10.0 Critical2024-11-12
CVE-2024-10245 Relais 2FA <= 1.0 - Authentication Bypass — Relais 2FACWE-288 9.8 Critical2024-11-12
CVE-2024-9357 xili-tidy-tags <= 1.12.04 - Reflected Cross-Site Scripting — xili-tidy-tagsCWE-79 6.1 Medium2024-11-12
CVE-2024-10685 Contact Form 7 Redirect & Thank You Page <= 1.0.6 - Reflected Cross-Site Scripting — Business Essentials for Contact Form 7CWE-79 6.1 Medium2024-11-12
CVE-2024-47593 Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server ABAP 4.3 Medium2024-11-12
CVE-2024-47592 Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application) — SAP NetWeaver Application Server Java (Logon Application)CWE-307 5.3 Medium2024-11-12
CVE-2024-47590 Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher — SAP Web DispatcherCWE-791 8.8 High2024-11-12
CVE-2024-47586 NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP PlatformCWE-476 5.3 Medium2024-11-12
CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF — Stirling-PDFCWE-20 6.1AIMediumAI2024-11-11
CVE-2024-10314 Unauthenticated Denial of Service via Auto Generation Function — Helix CoreCWE-400 7.5AIHighAI2024-11-11
CVE-2024-10344 Unauthenticated Denial of Service via Refuse Function — Helix CoreCWE-400 7.5AIHighAI2024-11-11
CVE-2024-10345 Unauthenticated Denial of Service via Shutdown Function — Helix CoreCWE-400 7.5AIHighAI2024-11-11
CVE-2024-11068 D-Link DSL6740C - Incorrect Use of Privileged APIs — DSL6740CCWE-648 9.8 Critical2024-11-11
CVE-2024-11067 D-Link DSL6740C - Arbitrary File Reading through Path Traversal — DSL6740CCWE-23 7.5 High2024-11-11
CVE-2024-11020 Grand Vice info Webopac7 - SQL Injection — Webopac7CWE-89 9.8 Critical2024-11-11
CVE-2024-11019 Grand Vice info Webopac7 - Reflected XSS — Webopac7CWE-79 6.1 Medium2024-11-11
CVE-2024-11018 Grand Vice info Webopac - Arbitrary File Upload — WebopacCWE-434 9.8 Critical2024-11-11
CVE-2024-11016 Grand Vice info Webopac - SQL Injection — WebopacCWE-89 9.8 Critical2024-11-11
CVE-2024-10958 WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay — WP Photo Album PlusCWE-94 7.3 High2024-11-10
CVE-2024-10265 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-79 6.1 Medium2024-11-10
CVE-2024-10837 SysBasics Customize My Account for WooCommerce <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter — SysBasics Customize My Account for WooCommerceCWE-79 6.1 Medium2024-11-09
CVE-2024-10261 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content RestrictionCWE-94 7.3 High2024-11-09
CVE-2024-10640 The FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution — FOX – Currency Switcher Professional for WooCommerceCWE-94 7.3 High2024-11-09
CVE-2024-10508 RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-230 9.8 Critical2024-11-09
CVE-2024-10801 WordPress User Extra Fields <= 16.5 - Unauthenticated Arbitrary File Upload — WordPress User Extra FieldsCWE-434 9.8 Critical2024-11-09
CVE-2024-10547 WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload — WP MembershipCWE-434 9.8 Critical2024-11-09
CVE-2024-10871 Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion — Category AJAX Filter – Advanced Filter for Posts & Custom Post TypesCWE-98 9.8 Critical2024-11-09

Vulnerabilities classified as access:pre-auth represent 18872 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.